i made a Webapp for a Company - they now want a SAML SSO login for all their employees (with
their Office 365 account)
I have no idea how to implement that
Are there any paid solutions ($500 max) that I can embed?
Are there freelancers who can do something like this for me cheaply - what would something like this cost?
Are there already open source solutions for this (a Java library that I can integrate)
Thanx for information
Erich
SSO is new territory for me
Related
I have received email from Google with subject: [Action Required] Submit your app(s) for Restricted Scopes OAuth verification,
same as many of you.
I'm using GAS only for developing applications for my personal use - not for public. Applications such as sending summary emails to my clients, when they buy a product from my web pages.
Do I have to go through the whole process of verification?
Do I have to create public Terms of Service?
Is there any way how I can explain to google, that my applications are not used by anybody else then by
me?
How to get to know for sure that my app won't stop?
I have read through FAQ (https://support.google.com/cloud/answer/9110914) and many other documents by google about this topic..
I have checked similar questions found on web, but with no luck of answers.. It looks it's pretty new experience for all of us..
Thank you for any advices.
I have personal account, so I can't use "internal apps" selection, this works only for paid G-suite customers which I'm not.
EDIT:
As Yoel Vinitsky stated, app doesn't need verification if it has only one user.
Here at bottom: https://support.google.com/cloud/answer/7454865 is table which shows that there is quota 100 new users in total, once the app presents the unverified app screen.
It seems like that I don't have to worry about verification of my apps at all, because I'm the only one user or maybe I use this app from 2 or 3 more users emails so it should be ok, my question is, is it going to be ok without verification, or not?
EDIT 2:
Google sent clarification email:
NO ACTION is required if:
Only owners use the project: If the project is only used by owners of the project, no action is required.
To determine whether you are an owner (versus an editor or viewer), follow these steps:
Click the project link above to navigate to its OAuth Consent Screen
configuration page.
Click the Navigation Menu button in the
upper-left corner, select IAM & admin, and click IAM. This will show you all project contributors and their roles.
The project doesn’t have users outside of your G Suite domain:If the project owner is using a G Suite account and the project is only used by Google Accounts in the project owner’s domain, no action is required (learn more here).
But the question is how to avoid verification with personal accounts for my own scripts used only by me?
As mentioned in the support FAQ You linked to:
When can I skip publishing my app for a review?
You do not need to request for verification if your app is
going to be used in any of the following scenarios:
1) The app is not shared with anyone else.
2) The app is used to send emails through WordPress, or
3) similar single account SMTP plug-ins.
The only drawbacks should be the warning that your app is unverified and maybe quota limits.
Is it possible to access mobile phone contacts/google contacts through a mobile/desktop website.
I am okay with the access being similar to playstore app where a user first have to allow the website to access contacts
Thanks
You can access Google's People APIs.
To easily get permission and do authentication on behalf of the user to those APIs, you can use Google Play Services GoogleAPI service, see this and this.
We are working on a mobile application that fetches public profile of our company's employees. Although we have their LinkedIn user-name but still have to ask them to go to a specific page and sync their profiles with our app by authentication. ( https://api.linkedin.com/v1/people/~?format=json )
I also have worked on accessing info without asking our employees to visit our app and authenticate using;
https://api.linkedin.com/v1/people/id=pr61Fk_Yb_?format=json
And
https://api.linkedin.com/v1/people/url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fbaqer-naqvi-32194649?format=json
Is there any else way to fetch the public profile ?
I just figured it out that I can search people using people-search API which is available only to partners.
Query
https://api.linkedin.com/v1/people-search:(people:(id,first-name,last-name,headline,picture-url,industry,positions:(id,title,summary,start-date,end-date,is-current,company:(id,name,type,size,industry,ticker)),educations:(id,school-name,field-of-study,start-date,end-date,degree,activities,notes)),num-results)?first-name=parameter&last-name=parameter
Google have multiple products like Youtube, Gmail, Google Drive and many more. When we login into one product like gmail then while hitting another product like youtube we will enter into this account without login. Then My question is how google uses cookies for different domain like youtube, gmail and any other. If anyone knows about this please let me know thanks in advance
This is not google specific thing. You have to study more about single-sign-on and claims based authentication to understand how this is achieved.
The common protocols used in these scenarios are OAuth and OpenId Connect.
Basically 3 parties involved here. The User, The Application, The IP(Identity Provider).
In this example Gmail, youtube and google drive, all are applications. They all use google(accounts.google.com) as identity provider. When user try to access an Application(gmail,youtube) he is redirected to the identity provider(accounts.google.com) and get authenticated. The identity provider issue a cookie(from accounts.google.com domain) to the user. The application receive Token from Identity provider saying user is authenticated and after validation of the token, application also issue another cookie(from gmail.com or youtube.com) to the user.
As long as user has the cookie issued from identity provider, he don't want to sign in again when he logs into an application that use the same identity provider.
How can I (as a vendor contracted to develop an app for an enterprise) publish an app to the Google Play Store on behalf of an enterprise?
They don't have a Google Play account set up but want the app to appear under their brand in the Google Play Store.
What's the correct technical (and legal) process I should follow to set up their account and give my own company access to publish on their behalf?
The bare minimum requirement that I am aware of is that your company should get a written consent from your client, authorizing your company to use their company's name, logo, brand, etc for the expressed purpose of being displayed in Google Play.
My company had done something similar, we publish branded apps for clients, though our company's name is used as the vendor name. One of those apps got removed because some zealous legal guy in one of our client companies found the app and, unaware of the cooperation between the companies, filed a complaint to Google. The app was reinstated without much fuzz after getting that guy to send another email to Google requesting the app to be reinstated, so it looks like Google doesn't have anything against this (assuming your client doesn't reside in a sanctioned country).
You can give them advance notice by providing legal documents via this link
https://support.google.com/googleplay/android-developer/answer/6320428
From the page itself...
The Google Play App Review team accepts advance notice about your
upcoming app or store listing publishing event.
We only accept advance notice in the following scenario(s):
You have written documentation proving that you have permission to use
a 3rd party's intellectual property in your app or store listing (e.g.
Brand names and logos, graphic assets, audio, etc.). You have gambling
or casino-style elements in your game, and need to provide your Korean
Game Rating and Administrative Committee (GRAC) rating certificate to
Google so your game can be distributed in Korea.
Lesson learn by one suspended app. Hope this will help others. If your app suspended for such reason you can also contact them via link in the suspension email.